CISA exam

From an IS auditor's perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?A . Inability to close unused ports on critical serversB . Inability to identify unused licenses within the organizationC . Inability to deploy updated security patchesD...

An IS auditor suspects an organization's computer may have been used to commit a crime. Which of the following is the auditor's BEST course of action?A . Examine the computer to search for evidence supporting the suspicions.B . Advise management of the crime after the investigation.C . Contact the incident...

When evaluating the design of controls related to network monitoring, which of the following is MOST important for an IS auditor to review?A . Incident monitoring togsB . The ISP service level agreementC . Reports of network traffic analysisD . Network topology diagramsView AnswerAnswer: D Explanation: Network topology diagrams are...

An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor's NEXT course of action?A . Report the mitigating controls.B . Report the security posture of the organization.C . Determine the value of the firewall.D . Determine the risk of...

What is the BEST control to address SQL injection vulnerabilities?A . Unicode translationB . Secure Sockets Layer (SSL) encryptionC . Input validationD . Digital signaturesView AnswerAnswer: C Explanation: Input validation is the best control to address SQL injection vulnerabilities, because it can prevent malicious users from entering SQL commands or...

Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?A . Frequent testing of backupsB . Annual walk-through testingC . Periodic risk assessmentD . Full operational testView AnswerAnswer: D Explanation: A disaster recovery plan (DRP) is a set of procedures and resources that...

Which of the following is MOST important to ensure when planning a black box penetration test?A . The management of the client organization is aware of the testing.B . The test results will be documented and communicated to management.C . The environment and penetration test scope have been determined.D ....

When determining whether a project in the design phase will meet organizational objectives, what is BEST to compare against the business case?A . Implementation planB . Project budget provisionsC . Requirements analysisD . Project planView AnswerAnswer: C Explanation: Requirements analysis should be the best thing to compare against the business...

Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?A . Walk-through reviewsB . Substantive testingC . Compliance testingD . Design documentation reviewsView AnswerAnswer: B Explanation: Substantive testing provides the most reliable audit evidence on the validity of transactions in a...

Which of the following demonstrates the use of data analytics for a loan origination process?A . Evaluating whether loan records are included in the batch file and are validated by the servicing systemB . Comparing a population of loans input in the origination system to loans booked on the servicing...